The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php.
Add your gear to cvedb and we'll alert you only when formcrafts ships something exploited.
Check my exposure →This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.